fix(workflows): update local signing workflow to enhance app bundle signing process and add debugging for certificate issues
Some checks failed
Test Local Signing / test-local-signing (push) Failing after 10s
Some checks failed
Test Local Signing / test-local-signing (push) Failing after 10s
This commit is contained in:
parent
9a6036b46c
commit
44bba086a6
@ -145,28 +145,10 @@ jobs:
|
|||||||
|
|
||||||
- name: Sign App Bundle
|
- name: Sign App Bundle
|
||||||
run: |
|
run: |
|
||||||
echo "🔏 Signing app bundle..."
|
echo "<EFBFBD><EFBFBD> Signing app bundle with ad-hoc method..."
|
||||||
|
|
||||||
# Make sure keychain is unlocked
|
# Sign the app bundle with ad-hoc identity (- = ad-hoc signing)
|
||||||
security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
|
codesign --force --verbose --deep --options runtime --entitlements LuckyWorld.entitlements --sign - TestApp.app
|
||||||
|
|
||||||
# List all code signing identities again
|
|
||||||
echo "Available identities for signing:"
|
|
||||||
security find-identity -v -p codesigning "$KEYCHAIN_PATH"
|
|
||||||
|
|
||||||
# Get any available signing identity
|
|
||||||
IDENTITY=$(security find-identity -v -p codesigning "$KEYCHAIN_PATH" | head -1 | awk -F '"' '{print $2}')
|
|
||||||
|
|
||||||
if [ -z "$IDENTITY" ]; then
|
|
||||||
echo "❌ Error: No valid code signing identity found"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "Using identity: $IDENTITY"
|
|
||||||
|
|
||||||
# Sign the app bundle with verbose output
|
|
||||||
echo "Signing app bundle..."
|
|
||||||
codesign --force --verbose --options runtime --entitlements LuckyWorld.entitlements --sign "$IDENTITY" --timestamp TestApp.app
|
|
||||||
|
|
||||||
# Verify signing
|
# Verify signing
|
||||||
echo "🔍 Verifying signature..."
|
echo "🔍 Verifying signature..."
|
||||||
@ -177,6 +159,32 @@ jobs:
|
|||||||
codesign -d --entitlements - TestApp.app
|
codesign -d --entitlements - TestApp.app
|
||||||
shell: bash
|
shell: bash
|
||||||
|
|
||||||
|
- name: Debug Identity Issues
|
||||||
|
run: |
|
||||||
|
echo "🔍 Debugging certificate issues..."
|
||||||
|
|
||||||
|
# Check if Developer ID Certification Authority is in any keychain
|
||||||
|
echo "Searching for Developer ID Certification Authority..."
|
||||||
|
security find-certificate -a -c "Developer ID Certification Authority" /Library/Keychains/System.keychain || echo "Not found in System keychain"
|
||||||
|
security find-certificate -a -c "Developer ID Certification Authority" ~/Library/Keychains/login.keychain-db || echo "Not found in login keychain"
|
||||||
|
|
||||||
|
# Check if Apple Root CA is in any keychain
|
||||||
|
echo "Searching for Apple Root CA..."
|
||||||
|
security find-certificate -a -c "Apple Root CA" /Library/Keychains/System.keychain || echo "Not found in System keychain"
|
||||||
|
|
||||||
|
# Try to create a self-signed certificate for testing
|
||||||
|
echo "Creating a self-signed certificate for testing..."
|
||||||
|
openssl req -x509 -newkey rsa:2048 -keyout test-key.pem -out test-cert.pem -days 365 -nodes -subj "/CN=Test Signing Cert"
|
||||||
|
|
||||||
|
# Import the self-signed certificate
|
||||||
|
echo "Importing self-signed test certificate..."
|
||||||
|
security import test-cert.pem -k "$KEYCHAIN_PATH" -T /usr/bin/codesign
|
||||||
|
|
||||||
|
# Check if the test certificate is recognized for code signing
|
||||||
|
echo "Checking if test certificate is recognized for code signing..."
|
||||||
|
security find-identity -v -p codesigning "$KEYCHAIN_PATH"
|
||||||
|
shell: bash
|
||||||
|
|
||||||
- name: Notarize App
|
- name: Notarize App
|
||||||
run: |
|
run: |
|
||||||
echo "📤 Notarizing app..."
|
echo "📤 Notarizing app..."
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user